CVE-2016-3079

Name: CVE-2016-3079
Creator: NVD / NIST
Published: 2016-04-14T14:59:08.177+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.58%

Last modified Jun 17, 2026

CVE-2016-3079 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).. EPSS estimates a 1.58% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).

Metrics

EPSS Probability

1.58%

72.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Redhat	Satellite	5.7
Redhat	Spacewalk-Java	All versions

References

Timeline

Published: Apr 14, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-3079?

How severe is CVE-2016-3079?

Severity scoring for CVE-2016-3079 is pending analysis. The EPSS model estimates a 1.58% probability of exploitation in the next 30 days.

How do I fix CVE-2016-3079?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-3079?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST